﻿// (c) Copyright Ascensio System SIA 2010-2022
//
// This program is a free software product.
// You can redistribute it and/or modify it under the terms
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
// any third-party rights.
//
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR  PURPOSE. For details, see
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
//
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
//
// The  interactive user interfaces in modified source and object code versions of the Program must
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
//
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
// trademark law for use of our trademarks.
//
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode

namespace ASC.ActiveDirectory.Base;
/// <summary>
/// Constants of Active Directory
/// </summary>
public sealed class LdapConstants
{
    public const int STANDART_LDAP_PORT = 389;
    public const int SSL_LDAP_PORT = 636;
    public const int LDAP_ERROR_INVALID_CREDENTIALS = 0x31;
    public const int LDAP_V3 = 3;

    public const string OBJECT_FILTER = "(ObjectClass=*)";

    /// <summary>
    /// User Account type
    /// </summary>
    [Flags]
    public enum AccountType : uint
    {
        // ReSharper disable InconsistentNaming

        /// <summary></summary>
        SAM_DOMAIN_OBJECT = 0x00000000,

        /// <summary></summary>
        SAM_GROUP_OBJECT = 0x10000000,

        /// <summary></summary>
        SAM_NON_SECURITY_GROUP_OBJECT = 0x10000001,

        /// <summary></summary>
        SAM_ALIAS_OBJECT = 0x20000000,

        /// <summary></summary>
        SAM_NON_SECURITY_ALIAS_OBJECT = 0x20000001,

        /// <summary></summary>
        SAM_USER_OBJECT = 0x30000000,

        //SAM_NORMAL_USER_ACCOUNT = 0x30000000,

        /// <summary></summary>
        SAM_MACHINE_ACCOUNT = 0x30000001,

        /// <summary></summary>
        SAM_TRUST_ACCOUNT = 0x30000002,

        /// <summary></summary>
        SAM_APP_BASIC_GROUP = 0x40000000,

        /// <summary></summary>
        SAM_APP_QUERY_GROUP = 0x40000001

        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// User Account Control
    /// </summary>
    [Flags]
    public enum UserAccountControl : uint
    {
        // ReSharper disable InconsistentNaming

        /// <summary>Zero flag</summary>
        EMPTY = 0x00000000,

        /// <summary>The logon script is executed.</summary>
        ADS_UF_SCRIPT = 0x00000001,

        /// <summary>The user account is disabled.</summary>
        ADS_UF_ACCOUNTDISABLE = 0x00000002,

        /// <summary>The home directory is required.</summary>
        ADS_UF_HOMEDIR_REQUIRED = 0x00000008,

        /// <summary>The account is currently locked out.</summary>
        ADS_UF_LOCKOUT = 0x00000010,

        /// <summary>No password is required.</summary>
        ADS_UF_PASSWD_NOTREQD = 0x00000020,

        /// <summary>The user cannot change the password</summary>
        ADS_UF_PASSWD_CANT_CHANGE = 0x00000040,

        /// <summary>The user can send an encrypted password.</summary>
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x00000080,

        /// <summary>This is an account for users whose primary account is in another domain. 
        /// This account provides user access to this domain, but not to any domain that trusts 
        /// this domain. Also known as a local user account.</summary>
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x00000100,

        /// <summary>This is a default account type that represents a typical user.</summary>
        ADS_UF_NORMAL_ACCOUNT = 0x00000200,

        /// <summary>This is a computer account for a computer that is a member of this domain.</summary>
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x00001000,

        /// <summary>This is a computer account for a system backup domain controller 
        /// that is a member of this domain.</summary>
        ADS_UF_SERVER_TRUST_ACCOUNT = 0x00002000,

        /// <summary>The password for this account will never expire.</summary>
        ADS_UF_DONT_EXPIRE_PASSWD = 0x00010000,

        /// <summary>The user must log on using a smart card.</summary>
        ADS_UF_SMARTCARD_REQUIRED = 0x00040000,

        /// <summary>The service account (user or computer account), under which a service runs, 
        /// is trusted for Kerberos delegation. Any such service can impersonate a client 
        /// requesting the service.</summary>
        ADS_UF_TRUSTED_FOR_DELEGATION = 0x00080000,

        /// <summary>The security context of the user will not be delegated to a service even 
        /// if the service account is set as trusted for Kerberos delegation.</summary>
        ADS_UF_NOT_DELEGATED = 0x00100000,

        /// <summary>Restrict this principal to use only Data Encryption Standard 
        /// (DES) encryption types for keys.</summary>
        ADS_UF_USE_DES_KEY_ONLY = 0x00200000,

        /// <summary>This account does not require Kerberos pre-authentication for logon.</summary>
        ADS_UF_DONT_REQUIRE_PREAUTH = 0x00400000,

        /// <summary>The user password has expired. This flag is created by the system 
        /// using data from the Pwd-Last-Set attribute and the domain policy.</summary>
        ADS_UF_PASSWORD_EXPIRED = 0x00800000,

        /// <summary>The account is enabled for delegation. This is a security-sensitive 
        /// setting; accounts with this option enabled should be strictly controlled. 
        /// This setting enables a service running under the account to assume a client 
        /// identity and authenticate as that user to other remote servers on the network.</summary>
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x01000000

        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// Type of Group
    /// </summary>
    [Flags]
    public enum GroupType : uint
    {
        // ReSharper disable InconsistentNaming

        /// <summary>System group</summary>
        SYSTEM = 0x00000001,

        /// <summary>Global scope group</summary>
        GLOBAL_SCOPE = 0x00000002,

        /// <summary>Local domain scope group</summary>
        LOCAL_DOMAIN_SCOPE = 0x00000004,

        /// <summary>Universal scope group</summary>
        UNIVERSAL_SCOPE = 0x00000008,

        /// <summary>Specifies an APP_BASIC group for Windows Server Authorization Manager.</summary>
        APP_BASIC = 0x000000010,

        /// <summary>Specifies an APP_QUERY group for Windows Server Authorization Manager.</summary>
        APP_QUERY = 0x000000020,

        /// <summary>Security group</summary>
        SECURITY_GROUP = 0x80000000

        // ReSharper restore InconsistentNaming
    }

    /// <summary>
    /// Schema attributes of Active Directory
    /// </summary>
    // ReSharper disable once InconsistentNaming
    public static class ADSchemaAttributes
    {
        /// <summary>Relative Distinguished Name </summary>
        public const string NAME = "name";

        /// <summary>Common-Name</summary>
        public const string COMMON_NAME = "cn";

        /// <summary>Display-Name</summary>
        public const string DISPLAY_NAME = "displayName";

        /// <summary>The list of classes from which this class is derived.</summary>
        public const string OBJECT_CLASS = "objectClass";

        /// <summary>DN category</summary>
        public const string OBJECT_CATEGORY = "objectCategory";

        /// <summary>The unique identifier for an object.</summary>
        public const string OBJECT_GUID = "objectGUID";

        /// <summary>Show-In-Advanced-View-Only</summary>
        public const string SHOW_IN_ADVANCED_VIEW_ONLY = "showInAdvancedViewOnly";

        /// <summary>Obj-Dist-Name</summary>
        public const string DISTINGUISHED_NAME = "distinguishedName";

        /// <summary>Is-Critical-System-Object</summary>
        public const string IS_CRITICAL_SYSTEM_OBJECT = "isCriticalSystemObject";

        /// <summary>NT-Security-Descriptor in format SDDL</summary>
        public const string NT_SECURITY_DESCRIPTOR = "nTSecurityDescriptor";

        /// <summary>Is-Member-Of-DL</summary>
        public const string MEMBER_OF = "memberOf";

        /// <summary>Users which are members of this object</summary>
        public const string MEMBER = "member";

        /// <summary>Organizational-Unit-Name</summary>
        public const string ORGANIZATIONAL_UNIT_NAME = "ou";

        /// <summary>Organization-Name</summary>
        public const string ORGANIZATION_NAME = "o";

        /// <summary>SAM-Account-Name</summary>
        public const string ACCOUNT_NAME = "sAMAccountName";

        /// <summary>SAM-Account-Type</summary>
        public const string ACCOUNT_TYPE = "sAMAccountType";

        /// <summary>A binary value that specifies the security identifier (SID) of the user. 
        /// The SID is a unique value used to identify the user as a security principal.</summary>
        public const string OBJECT_SID = "objectSid"; //Object-Sid

        /// <summary>Flags that control the behavior of the user account.</summary>
        public const string USER_ACCOUNT_CONTROL = "userAccountControl";

        /// <summary>This attribute contains the UPN that is an Internet-style login name 
        /// for a user based on the Internet standard RFC 822. The UPN is shorter than 
        /// the distinguished name and easier to remember. By convention, this should map 
        /// to the user e-mail name. The value set for this attribute is equal to the length 
        /// of the user's ID and the domain name. For more information about this attribute, 
        /// see the Naming Properties topic in the Active Directory guide.</summary>
        public const string USER_PRINCIPAL_NAME = "userPrincipalName";

        /// <summary>Contains the given name (first name) of the user.</summary>
        public const string FIRST_NAME = "givenName";

        /// <summary>This attribute contains the family or last name for a user.</summary>
        public const string SURNAME = "sn";

        /// <summary>Primary-Group-ID</summary>
        public const string PRIMARY_GROUP_ID = "primaryGroupID";

        /// <summary>Name of computer as registered in DNS</summary>
        public const string DNS_HOST_NAME = "dNSHostName";

        /// <summary>The Operating System Version string </summary>
        public const string OPERATING_SYSTEM_VERSION = "operatingSystemVersion";

        /// <summary>The Operating System Service Pack ID String </summary>
        public const string OPERATING_SYSTEM_SERVICE_PACK = "operatingSystemServicePack";

        /// <summary>The hotfix level of the operating system.</summary>
        public const string OPERATING_SYSTEM_HOTFIX = "operatingSystemHotfix";

        /// <summary>The Operating System name .</summary>
        public const string OPERATING_SYSTEM = "operatingSystem";

        /// <summary>The TCP/IP address for a network segment. Also called the subnet address.</summary>
        public const string NETWORK_ADDRESS = "networkAddress";

        /// <summary>Mobile phone</summary>
        public const string MOBILE = "mobile";

        /// <summary>Email address</summary>
        public const string MAIL = "mail";

        /// <summary>Telephone number</summary>
        public const string TELEPHONE_NUMBER = "telephoneNumber";

        /// <summary>Title</summary>
        public const string TITLE = "title";

        /// <summary>Street Address</summary>
        public const string STREET = "street";

        /// <summary>Postal code</summary>
        public const string POSTAL_CODE = "postalCode";

        /// <summary>Home phone</summary>
        public const string HOME_PHONE = "homePhone";

        /// <summary>Initials</summary>
        public const string INITIALS = "initials";

        /// <summary>Department</summary>
        public const string DIVISION = "division";

        /// <summary>Company</summary>
        public const string COMPANY = "company";
    }

    public static class RfcLDAPAttributes
    {
        public const string ENTRY_DN = "entryDN";
        public const string GUID = "GUID";
        public const string ENTRY_UUID = "entryUUID";
        public const string NS_UNIQUE_ID = "nsuniqueid";
        public const string UID = "uid";
        public const string MEMBER_UID = "memberUid";
        public const string DN = "dn";
    }

    /// <summary>
    /// Standart attributes of ObjectClass
    /// </summary>
    public static class ObjectClassKnowedValues
    {
        /// <summary>
        /// top value
        /// </summary>
        public const string TOP = "top";

        /// <summary>
        /// Domain name
        /// </summary>
        public const string DOMAIN = "domain";

        /// <summary>
        /// Domain DNS
        /// </summary>
        public const string DOMAIN_DNS = "domainDNS";

        /// <summary>
        /// Group name
        /// </summary>
        public const string GROUP = "group";

        /// <summary>
        /// posix-group
        /// </summary>
        public const string POSIX_GROUP = "posixGroup";

        /// <summary>
        /// Person
        /// </summary>
        public const string PERSON = "person";

        /// <summary>
        /// Container
        /// </summary>
        public const string CONTAINER = "container";

        /// <summary>
        /// Org unit
        /// </summary>
        public const string ORGANIZATIONAL_UNIT = "organizationalUnit";

        /// <summary>
        /// Org name
        /// </summary>
        public const string ORGANIZATION = "organization";

        /// <summary>
        /// posix-account
        /// </summary>
        public const string POSIX_ACCOUNT = "posixAccount";

        /// <summary>
        /// Org person
        /// </summary>
        public const string ORGANIZATIONAL_PERSON = "organizationalPerson";

        /// <summary>
        /// User
        /// </summary>
        public const string USER = "user";

        /// <summary>
        /// Computer
        /// </summary>
        public const string COMPUTER = "computer";

        /// <summary>
        /// RPC container
        /// </summary>
        public const string RPC_CONTAINER = "rpcContainer";

        /// <summary>
        /// Built in domain flag
        /// </summary>
        public const string BUILD_IN_DOMAIN = "builtinDomain";
    }
}
